Collaborate Disseminate
Some JavaScript features allow for pretty interesting obfuscation techniques. For example, did you know that virtually any English word can be used as a valid number?
I recently decoded a credit card stealing script injected at the bottom of a js/vari… Continue reading Uncommon Radixes Used in Malware Obfuscation
If for some reason your WordPress-based website has not yet been automatically updated to the latest version 5.1.1, it’s highly recommended to immediately upgrade it before hackers could take advantage of a newly disclosed vulnerability to hack your we… Continue reading New WordPress Flaw Lets Unauthenticated Remote Attackers Hack Sites
One of the most important software companies NGINX, which is also behind the very popular open-source web server of the same name, is being acquired by its rival, F5 Networks, in a deal valued at about $670 million.
While NGINX is not a name that you … Continue reading F5 Networks Acquires NGINX For $670 Million
Welcome to the seventh post of a series on understanding the Payment Card Industry Data Security Standard–PCI DSS. We want to show how PCI DSS affects anyone going through the compliance process using the PCI SAQ’s (Self Assessment Questio… Continue reading PCI for SMB: Requirement 10 & 11 – Regularly Monitor and Test Networks
Sucuri is committed to helping women develop their careers in technology. On International Women’s Day, Sucuri team members share their insights into working in cybersecurity.
Spotlight on Sucuri Women in Cybersecurity
We have asked some of the … Continue reading Spotlight on Women in Cybersecurity
Moving a WordPress website from HTTP to HTTPS should be a priority for any webmaster. Recent statistics show that over 33% of website administrators across the web use WordPress and many of these websites have still not added an SSL certificate.
Why i… Continue reading How to Add SSL & Move WordPress from HTTP to HTTPS
We are proud to be releasing our latest Hacked Website Trend Report for 2018.
This report is based on data collected and analyzed by the GoDaddy Security / Sucuri team, which includes the Incident Response Team (IRT) and the Malware Research Team (MRT… Continue reading Hacked Website Trend Report – 2018
Recently we came across a malicious campaign injecting scripts that push fake browser updates onto site visitors.
This is what a typical fake update request looks like:
Users see a message box that says it’s an “Update Center” for yo… Continue reading Fake Browser Updates Push Ransomware and Bank Malware
Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspicious and evade detection by website owners.
The malicious code is obfuscated and injected … Continue reading Google Analytics and Angular in Magento Credit Card Stealing Scripts
Cybercriminals have actively started exploiting an already patched security vulnerability in the wild to install cryptocurrency miners on vulnerable Drupal websites that have not yet applied patches and are still vulnerable.
Last week, developers of t… Continue reading Hackers Actively Exploiting Latest Drupal RCE Flaw Published Last Week